Your message dated Tue, 14 Jun 2011 11:47:23 +0000
with message-id <e1qws5b-0006p3...@franck.debian.org>
and subject line Bug#598463: fixed in libcloud 0.5.0-1
has caused the Debian Bug report #598463,
regarding python-libcloud: libcloud https connections are not secured against
mitm attacks
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
598463: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598463
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-libcloud
Severity: grave
Tags: security
Justification: user security hole
libcloud fails to perform ssl validation on https connections.
This means that users of this module, who which perform api requests using
https urls / connections are at risk to mitm attacks.
See http://github.com/tjfontaine/linode-python/issues/issue/1#issue/1 for more
information.
-- System Information:
Debian Release: 5.0.6
APT prefers stable
APT policy: (900, 'stable'), (600, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.35.4 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Source: libcloud
Source-Version: 0.5.0-1
We believe that the bug you reported is fixed in the latest version of
libcloud, which is due to be installed in the Debian FTP archive:
libcloud_0.5.0-1.debian.tar.gz
to main/libc/libcloud/libcloud_0.5.0-1.debian.tar.gz
libcloud_0.5.0-1.dsc
to main/libc/libcloud/libcloud_0.5.0-1.dsc
libcloud_0.5.0.orig.tar.bz2
to main/libc/libcloud/libcloud_0.5.0.orig.tar.bz2
python-libcloud_0.5.0-1_all.deb
to main/libc/libcloud/python-libcloud_0.5.0-1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 598...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Soren Hansen <so...@ubuntu.com> (supplier of updated libcloud package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 14 Jun 2011 13:27:50 +0200
Source: libcloud
Binary: python-libcloud
Architecture: source all
Version: 0.5.0-1
Distribution: unstable
Urgency: low
Maintainer: Debian Python Modules Team
<python-modules-t...@lists.alioth.debian.org>
Changed-By: Soren Hansen <so...@ubuntu.com>
Description:
python-libcloud - unified Python interface into the cloud
Closes: 598463
Changes:
libcloud (0.5.0-1) unstable; urgency=low
.
* New upstream release (Closes: #598463)
* Make myself Uploader instead of Maintainer and set DPMT as the
maintainer.
* Adjust debian/watch now that libcloud is a toplevel Apache project.
* Remove dependency on zope.interface (dropped upstream).
* Convert to debhelper 7 and dh_python2.
* Bumped Standards-Version to 3.9.2. No changes needed.
* Bump debian/compat to 7.
* Drop debian/pycompat.
* Use debian/clean instead of overriding dh_auth_clean.
Checksums-Sha1:
3357d8f11d7d1e15327fd9748cee4c7d7e8473d2 1788 libcloud_0.5.0-1.dsc
b90ac50088b95f15f401c4d6a5e059eb25422f27 171850 libcloud_0.5.0.orig.tar.bz2
3949ea3b5ceb01e70b139360ee12247ccecdb081 2630 libcloud_0.5.0-1.debian.tar.gz
0f3b9adfe79fdd8ec96dc366844745f62c8ac9cd 115336 python-libcloud_0.5.0-1_all.deb
Checksums-Sha256:
7d0bc484cccd8ca25631eaa1b3fe8429b69dacf7f07988d6237366ecdea1aefb 1788
libcloud_0.5.0-1.dsc
797724aa67e3da94e21d54d7a683557e5f7b73524f941da18d3e15be9bc9161c 171850
libcloud_0.5.0.orig.tar.bz2
098355814c9fd9b860fce67d16d57dfc9d48c058f44b362ff8b8d44ff73c8fa3 2630
libcloud_0.5.0-1.debian.tar.gz
45e3343d8b06a9e33a4a28c017d7a835840799d37d84e15d5ef32d48e37c9264 115336
python-libcloud_0.5.0-1_all.deb
Files:
80fc9cdc06cd56a7bb02504e92b25e88 1788 python optional libcloud_0.5.0-1.dsc
197ae0cd0a762e1987f21adc8848d912 171850 python optional
libcloud_0.5.0.orig.tar.bz2
d01c27a1d3cb469ab9d184788d90af35 2630 python optional
libcloud_0.5.0-1.debian.tar.gz
a42506d16c89ff51a6d4a89c2685058c 115336 python optional
python-libcloud_0.5.0-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJN90b9AAoJEACQ/CG1zRrMzAMP/0EMKYokRn6JtJiesC2bLUhK
G3jnLW5XlUc1x91j6sSkuDNf/0yPmrMj/jlb7j1vzKP3r1qeM9qyqWCUVOX841jz
bhKLB3Ol/JOcyQAxBLqqCWgx6PFhKGapMGzJRgMJAV/tHeQlYS8FwahYIkYOdQT2
veYgPXAkQOTTf/SqTUaEnLoUZf3i4hqrgxfs6q/Or3dKb8BH7xGgYpx/rlmewYno
aC1aOYIR7hNSQYMSNMc188mZnn2YHELpn1lGExR9jQrcbweoT5W/UJrMNUgvK2nE
3YRwswa1wRKwL7Lul1/O++4C6J8w0wB9pGZv/J5MZcHFW0FiPbLZVeICqvxCrFPj
hv3vBAmiV2dCRPxnl11HK7JlWVkzxPDife/hdtHO9wmQvB1HkvXOpqYNv15sSyz1
nauHiJIU3eMRGYtar6EfOW+VOPEUX+02QgyfVMp7OI9Fcf3arntHCldyAobjGLv6
e014c0GwSzY4dJlji1qX7H8aJXvJxETOT6NPfEl/9+ZGkCz3QUeciHDe2aegjXPV
j0ZHrABn+fFLhWogE8+7dCaQTiRUppLLyVZCGcsL3ttCMK5M2I+IiQ6KO47MO7DS
1iJUmZ/vcRH2yJki75typpS9cUfvoneYMN3EKfKMAYveP1WoTZmpdH7W5EztbUtG
E51WSEu36t4ByQktl6p7
=NLp1
-----END PGP SIGNATURE-----
--- End Message ---
